Diffusion GnuPG b89b1f35c29c

agent: Ignore passphrase constraints for a generated passphrase.

Description

agent: Ignore passphrase constraints for a generated passphrase.

* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.

A generated passphrase has enough entropy so that all kinds of extra
checks would only reduce the actual available entropy. We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.

Details

Provenance
werner authored on Aug 18 2021, 6:24 PM
Parents
rG8ed79103474c: agent: Improve the GENPIN callback.

Event Timeline

This commit breaks decryption of symmetrically encrypted data. gpg-agent segfaults after one has entered the passphrase in pinentry.

How to reproduce:

  1. Create a symmetrically encrypted file. I used the passphrase testtest1.
  2. Try to decrypt the file with gpg --decrypt test.gpg.

I get this output:

gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: AES256.CFB encrypted data
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

If I attach to gpg-agent while pinentry is asking for the passphrase, then I get the following in gdb after entering the passphrase:

Attaching to process 3484
[New LWP 3485]
[New LWP 3489]
Download failed: Function not implemented.  Continuing without debug info for /lib64/libpthread.so.0.
Download failed: Function not implemented.  Continuing without debug info for /lib64/libc.so.6.
Download failed: Function not implemented.  Continuing without debug info for /lib64/ld-linux-x86-64.so.2.
Download failed: Function not implemented.  Continuing without debug info for /home/ingo/dev/kde/system-supplied DSO at 0x7ffc1f3cc000.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00007f75593dde83 in pselect () from /lib64/libc.so.6
Missing separate debuginfos, use: zypper install glibc-debuginfo-2.33-9.1.x86_64
(gdb) c
Continuing.
[Thread 0x7f7558a8a640 (LWP 3489) exited]

Thread 2 "gpg-agent" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f755928b640 (LWP 3485)]
cmd_get_passphrase (ctx=0x7f7554000be0, line=<optimized out>) at /home/ingo/dev/g10/src/gnupg/agent/command.c:1957
1957          entry_errtext = NULL;
(gdb) bt
#0  cmd_get_passphrase (ctx=0x7f7554000be0, line=<optimized out>) at /home/ingo/dev/g10/src/gnupg/agent/command.c:1957
#1  0x00007f755952a7aa in dispatch_command (ctx=0x7f7554000be0, 
    line=0x7f7554000d3f "--data --repeat=0 -- SB99729214907A4D4", linelen=<optimized out>)
    at /home/ingo/dev/g10/src/libassuan/src/assuan-handler.c:676
#2  0x00007f755952abb9 in process_request (ctx=0x7f7554000be0)
    at /home/ingo/dev/g10/src/libassuan/src/assuan-handler.c:872
#3  assuan_process (ctx=0x7f7554000be0) at /home/ingo/dev/g10/src/libassuan/src/assuan-handler.c:895
#4  0x0000000000414319 in start_command_handler (ctrl=ctrl@entry=0x587470, listen_fd=listen_fd@entry=-1, 
    fd=<optimized out>) at /home/ingo/dev/g10/src/gnupg/agent/command.c:4133
#5  0x000000000040c0d6 in do_start_connection_thread (ctrl=0x587470)
    at /home/ingo/dev/g10/src/gnupg/agent/gpg-agent.c:2738
#6  0x00007f755951d48e in thread_start (startup_arg=<optimized out>) at /home/ingo/dev/g10/src/npth/src/npth.c:307
#7  0x00007f75594e5259 in start_thread () from /lib64/libpthread.so.0
#8  0x00007f75593e62b3 in clone () from /lib64/libc.so.6

Okay, I see the problem now. See inline comment.

/agent/command.c
1958

pi is NULL.

The task is T5577 (which I accidentally closed during triage).
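
An added sketch, not GnuPG's code, of the approach the commit message describes: remember a digest of the generated passphrase, skip constraint checks only when that passphrase comes back unchanged, and treat a missing (NULL) state as "not generated" instead of dereferencing it. The struct, the function names, the FNV-1a stand-in hash and the sample policy are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-request state; not GnuPG's struct layout. */
struct pin_state {
  uint64_t genpinhash;   /* digest of the passphrase we generated */
  int genpinhash_valid;  /* nonzero only after a passphrase was generated */
};

/* FNV-1a stand-in so the example has no dependencies; production code
   would use a cryptographic hash here. */
static uint64_t digest(const char *s) {
  uint64_t h = 14695981039346656037ULL;
  for (; *s; s++) { h ^= (unsigned char)*s; h *= 1099511628211ULL; }
  return h;
}

/* Record only the digest, so no second cleartext copy is kept. */
void remember_generated(struct pin_state *st, const char *pin) {
  if (!st || !pin) return;
  st->genpinhash = digest(pin);
  st->genpinhash_valid = 1;
}

/* True only if a passphrase was generated and came back unchanged.
   A NULL state (no parameters allocated) means "not generated". */
int is_unchanged_generated(const struct pin_state *st, const char *pw) {
  return st && pw && st->genpinhash_valid && st->genpinhash == digest(pw);
}

/* Constructed sample policy: at least 8 characters and one digit. */
int meets_constraints(const char *pw) {
  if (!pw || strlen(pw) < 8) return 0;
  return strpbrk(pw, "0123456789") != NULL;
}

/* Returns 1 if the passphrase is accepted, 0 if it must be re-entered. */
int accept_passphrase(const struct pin_state *st, const char *pw) {
  if (is_unchanged_generated(st, pw)) return 1;  /* skip constraint checks */
  return meets_constraints(pw);
}
```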